Re: vproc memory monitoring
Pablo Graubner wrote:
> Hi folks,
>
> I am working on additional security mechanisms for the dragonfly vkernel
> and I want to monitor all in-memory copies (like intel asm "mov" and its
> derivates) of a running vproc in order to check if the vproc is allowed
> to copy data to the resp. memory segment.
You would have to single-step every instruction. In this case I guess you can even emulate the CPU and be faster.
Now if you have a way to check whether a process is allowed to perform a certain memory operation, then can't you simply use the page table and let the CPU do the checking job?
cheers
simon
討論串 (同標題文章)